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The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

• If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )□ Responsive to communication(s) filed on 28 September 2000 and 16 March 2004 . 
2a)D This action is FINAL. 2b)H This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) [3 Claim(s) 1^9 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1^9 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)E3 The drawing(s) filed on 28 September 2000 is/are: a)[x] accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) M Notice of References Cited (PTO-892) 

2) O Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) |2 Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 

Paper No(s)/Mail Date 2 28 September 2000 . 



4) CI Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) CD Notice of Informal Patent Application (PTO-1 52) 

6) □ Other: . 



U.S. Patent and Trademaifc Office 
PTOL-326 (Rev. 1-04) 
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Application/Control Number: 09/672,206 
Art Unit: 2141 

DETAILED ACTION 

Claim Rejections - 35 USC §102 

1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another 
filed in the United States before the invention thereof by the applicant for patent, or on an 
international application by another who has fulfilled the requirements of paragraphs (1), 
(2), and (4) of section 371(c) of this title before the invention thereof by the applicant for 
patent. 

2. The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 do not 
apply when the reference is a U.S. patent resulting directly or indirectly from an international 
application filed before November 29, 2000. Therefore, the prior art date of the reference is 
determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre- AIPA 35 U.S.C. 102(e)). 

3. Claimjs) 1-9 is/are rejected under 35 U.S.C. 102(e) as being anticipated by Poletto et 
ah (US Patent Application Publication No. 2002/0031134 and Poletto hereinafter). 

4. As per claim(s) 1 Poletto discloses controlling a network switch to divert a predetermined 
fraction of SYN packets destined for said server, to a web guard processor, (See Paragraph 0004- 
0008) establishing a first TCP connection between one or more clients originating said packets and 
said web guard processor, and a second TCP connection between said web guard processor and said 
server, so that packets can be transmitted between said one or more clients and said server, (See 
Paragraph 0060-0062) monitoring the number of timed-out connections between said web guard 
processor and said one or more clients, (See Paragraph 0062-0063) if the number of timed-out 
connections between said web guard processor and said one or more clients exceeds a first 
predetermined threshold, controlling said switch to divert all SYN packets destined, to said server to 
said web guard processor, (See Paragraph 0063-0072). 
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5. As per claim(s) 2 Poletto teaches the claimed invention as described in claim(s) 1 above and 
furthermore discloses generating an alarm indicating that said server is likely to be under attack, 
(See Paragraph 0055-0058). 

6. As per claim(s) 3 Poletto teaches the claimed invention as described in claim(s) 1-2 above 
and furthermore discloses determining if the number of timed-out connections between said web 
guard processor and said clients exceeds a second predetermined threshold, and if so, controlling 
said switch to delete (i.e., reset) all SYN packets destined for said server, (See Paragraph 0060- 
0072). 

7. As per claim(s) 4 Poletto teaches the claimed invention as described in claim(s) 1-3 above 
and furthermore discloses the step of generating an alarm indicating that said server is under 
attack, (See Paragraph 0055-0058). 

8. As per claim(s) 5 Poletto teaches the claimed invention as described in claim(s) 1-4 above 
and furthermore discloses notifying said server that it is under attack, (See Paragraph 0038). 

9. As per claim(s) 6 Poletto teaches the claimed invention as described in claim(s) 1-5 above 
and furthermore discloses notifying other web guard processors in said network that said server is 
under attack, (See Paragraph 0037-0040). 

10. As per claim(s) 7 Poletto discloses arranging a switch receiving said SYN packets destined to 
said server to forward said SYN packets to a TCP proxy arranged to operate without an associated 
cache, whereby said TCP proxy, when subject to a CSDOS attack, does not successfully establish a 
TCP connection with said malicious host, and no TCP connection is made from said TCP proxy to 
said server, thereby protecting said server from said attack, (See Paragraph 0048-0055). 
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11. As per claim(s) 8 Poletto discloses forwarding a statistical sampling of packets from a switch 
in said network to a processor, if packets in said sampling indicate am attack, alerting the operation 
of said switch to reduce the effects of said attack, (See Paragraph 0042-0048). 



12. As per claim(s) 9 Poletto teaches the claimed invention as described in claim(s) 8 above and 
furthermore discloses said switch is arranged to discard packets in the event an attack is detected, 
(See Paragraph 0060-0062). 



Conclusion 

13. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Sajid A Yussuf whose telephone number is (703) 305-8752. The examiner can 
normally be reached on Monday-Thursday 7:30-5:00 PM and Alternate Fridays. 

14. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Rupal Dharia can be reached on (703) 305-4003. The fax phone number for the organization where 
this application or proceeding is assigned is (703) 872-9306. 

15. Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 305-3900. 



Sajid Yussuf 
Patent Examiner 
Technology cent< 
26 May 2004 





